[Stable-7.2.12 03/19] linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
From: Michael Tokarev
Subject: [Stable-7.2.12 03/19] linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
Date: Mon, 27 May 2024 09:40:34 +0300
This setsockopt accepts zero-length optlen (current qemu implementation
does not allow this). Also, there's no need to make a copy of the key,
it is enough to use lock_user() (which accepts zero length already).
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2197
Fixes: f31dddd2fc "linux-user: Add support for setsockopt() option SOL_ALG"
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <20240331100737.2724186-2-mjt@tls.msk.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 04f6fb897a5aeb3e356a7b889869c9962f9c16c7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 41017b0df2..74240f99ad 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2297,18 +2297,13 @@ static abi_long do_setsockopt(int sockfd, int level,
int optname,
switch (optname) {
case ALG_SET_KEY:
{
- char *alg_key = g_malloc(optlen);
-
+ char *alg_key = lock_user(VERIFY_READ, optval_addr, optlen, 1);
if (!alg_key) {
- return -TARGET_ENOMEM;
- }
- if (copy_from_user(alg_key, optval_addr, optlen)) {
- g_free(alg_key);
return -TARGET_EFAULT;
}
ret = get_errno(setsockopt(sockfd, level, optname,
alg_key, optlen));
- g_free(alg_key);
+ unlock_user(alg_key, optval_addr, optlen);
break;
}
case ALG_SET_AEAD_AUTHSIZE:
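Review bot: In the ALG_SET_KEY case, unlock_user(alg_key, optval_addr, optlen) passes optlen as the copy-back length although the buffer was locked with VERIFY_READ and is only read by setsockopt(). The usual linux-user convention for read-only buffers is a length of 0, so consider unlock_user(alg_key, optval_addr, 0); to avoid writing the key bytes back to guest memory in builds where lock_user() works on a copy. A one-line comment above the lock_user() call stating that optlen == 0 is valid for this option would also help, since that intent is recorded only in the commit message and nothing in the hunk stops a later non-zero length check from being reintroduced.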
--
2.39.2